Wednesday, January 23, 2008

Robotic Fly

According to the DeviceGuru Blog, Harvard faculty member Dr. Robert Wood successfully directed a project that created the world's smallest robotic fly. With a wingspan of 1.2 inches (3 cm) and a weight of 0.002 ounces (60 mg), the robotic fly can generate enough thrust to take off.

The "Flybot" will be showcased at New York's Museum of Modern Art starting Feb. 24. Funding for this project was awarded to the Harvard University Microbotics Lab from DARPA (the U.S. Defense Advanced Research Projects Agency). In turn, DARPA hopes to gain access to micro-miniature surveillance technologies.

I figure a picture can say a thousand words. Here's a video of the "Flybot" posted on YouTube:

I find this fascinating, yet I'm also reminded of Big Brother in George Orwell's novel, Nineteen Eighty-Four. Specifically, I'm thinking about the potential misuse of technology by individuals and society. Nonetheless, there are also countless benefits to such technology that are yet to be realized.

Robotic Fly to Descend on New York [DeviceGuru]
Design and the Elastic Mind [MoMA]
Harvard Microrobotics Lab [link]
DARPA [link]

Wednesday, January 16, 2008

OpenVPN and DD-WRT on Linksys WRT54GL

I've been running IPCOP as my home firewall for a couple of years. I was also running OpenVPN on my firewall to allow for remote road warrior VPN connections. The combination worked great, protecting my home network while providing secure remote access. Still, the geek in me wanted to consolidate my hardware and experiment with dd-wrt. After a little research I found out that there was OpenVPN support for dd-wrt. However, looking at the documentation and various forums, I didn't see anything showing me how to set up a successful road warrior tunnel. After an evening of experimenting I got it to work: DD-WRT and OpenVPN running on a Linksys WRT54GL, allowing inbound road warrior connections using tunnel mode. Here's what I did.

First, this is what I had set up previously:
  • DSL modem which plugged into
  • Computer running IPCOP and OpenVPN which plugged into
  • Switch and a separate WAP (a Linksys wireless access point)
I wanted to consolidate the last three pieces of hardware (firewall/OpenVPN, switch and WAP). My plan was to have the following:
  • DSL modem which plugs into
  • Linksys WRT54GL running DD-WRT and OpenVPN (also providing switch ports and a WAP)
So, I began my search through the DD-WRT website [link].
  1. Download dd-wrt.v23_mini_wrt54g.bin
  2. Download dd-wrt.v23_vpn_wrt54g.bin
  3. Reset Linksys WRT54GL to factory defaults. The router will have a default IP of with a blank username and password “admin”.
  4. Update WRT54GL firmware with dd-wrt.v23_mini_wrt54g.bin (from step 1) using http (not https)
  5. Log back into the router via the web console (username will now be 'root' and password remains 'admin') and update the firmware (Administration | Firmware Upgrade) a second time with dd-wrt.v23_vpn_wrt54g.bin (from step 2)
  6. Here we run into a minor bug - upon reboot of the router you won't be able to access the web admin pages. No worries. Hold the reset button on the back of the router for five seconds. It'll reboot and you'll be able to access the web console successfully once again.
  7. Log in to the updated WRT54GL (router) with a web browser and configure as needed (e.g., change root password, enable wireless security with WPA or WPA2, DynDNS, enable sshd, disable telnet, etc.). Back up the config when done (Administration | Backup).
  8. Reboot router (Administration | Management | Reboot Router)
  9. Create OpenVPN certificates for server and client. I'm running Ubuntu as my OS and already had OpenVPN installed (`sudo aptitude install openvpn`). Instructions on how to create the certificates can be found here.
  10. Log back in to router and go to ADMINISTRATION | COMMANDS
  11. Enter the following into the command shell box (the idea for this step was found here). Paste your certificates in where it says “…INSERT YOUR OWN CONTENT HERE…”.
```sh
cd /tmp

# Write the OpenVPN server configuration
echo "
# Initial Options
dev tun
tun-mtu 1400
proto udp
port 1194
mode server
ifconfig-pool-persist ipp.txt

# Certificates and Keys
ca ca.crt         # Certificate authority (CA) file
dh dh1024.pem     # File containing Diffie Hellman parameters
cert server.crt   # Local peer's signed certificate
key server.key    # Local peer's private key

# Additional Options
keepalive 10 60
status openvpn-status.log
log openvpn.log
cipher BF-CBC
max-clients 100
verb 3
mute 20
" > openvpn.conf

# Write the CA certificate, server key, server certificate and DH parameters
echo "
…INSERT YOUR OWN CONTENT HERE…
" > ca.crt
echo "
…INSERT YOUR OWN CONTENT HERE…
" > server.key
# Keep the private key readable by its owner only
chmod 600 server.key
echo "
…INSERT YOUR OWN CONTENT HERE…
" > server.crt
echo "
…INSERT YOUR OWN CONTENT HERE…
" > dh1024.pem

# Give the router a moment to finish booting, then start OpenVPN
sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config openvpn.conf
```
  12. Click on SAVE STARTUP at bottom of webpage.
  13. Enter the following into the command shell box to punch the right firewall holes:
```sh
/usr/sbin/iptables -I INPUT -p udp --dport 1194 -j ACCEPT
/usr/sbin/iptables -I INPUT -i tun+ -j ACCEPT
/usr/sbin/iptables -I FORWARD -i tun+ -j ACCEPT
```
  14. Click on SAVE FIREWALL at bottom of webpage and then reboot the router (Administration | Management | Reboot Router).
  15. Set up the OpenVPN client. Here's a sample openvpn-client.conf file from my laptop:
```
dev tun
proto udp
tun-mtu 1400
remote dyndns-hostname-or-ip-of-server 1194
ca /home/username/openvpn/keys/home/ca.crt
cert /home/username/openvpn/keys/home/client1.crt
key /home/username/openvpn/keys/home/client1.key
cipher BF-CBC
verb 3
ns-cert-type server
route remote_host net_gateway
route vpn_gateway
route vpn_gateway
```
  16. From outside of the network, test the connection:
```sh
openvpn --config openvpn-client.conf
```
This is an oversimplified explanation, but it should get you where you need to be. For troubleshooting purposes you may need to ssh to the router and look at the running processes to make sure OpenVPN is running (`ps | grep open`). You may also want to change the server IP within the server's config file, as well as the route entries within the client's config above, to match your network.
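
A quick consistency check for the server and client config files above, as an added example that is not part of the original post: it compares the options that must agree on both ends of the tunnel (dev, proto, tun-mtu, cipher, port) and checks that the server's private key is not accessible to group or other, which is what the `chmod 600` step is for. The function names, the host vpn.example.net and the AES-128-CBC client cipher are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check an OpenVPN config pair.

# Print the arguments of directive $2 in file $1, with '#'/';' comments removed.
ovpn_opt() {
    awk -v d="$2" '{ sub(/[#;].*/, "") }
        $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# List options that differ between server config $1 and client config $2.
# Returns 0 when both ends agree, 1 otherwise.
ovpn_compare() {
    rc=0
    for opt in dev proto tun-mtu cipher; do
        s=$(ovpn_opt "$1" "$opt"); c=$(ovpn_opt "$2" "$opt")
        s=${s%-server}; c=${c%-client}   # tcp-server pairs with tcp-client
        if [ "$s" != "$c" ]; then
            echo "MISMATCH $opt: server='$s' client='$c'"; rc=1
        fi
    done
    sport=$(ovpn_opt "$1" port)
    cport=$(ovpn_opt "$2" remote | awk '{ print $2 }')
    if [ "$sport" != "$cport" ]; then
        echo "MISMATCH port: server='$sport' client remote='$cport'"; rc=1
    fi
    return $rc
}

# Fail when the private key named in config $1 is accessible to group or other.
# Assumption: a relative key path is resolved against the config's directory.
ovpn_key_perms() {
    key=$(ovpn_opt "$1" key)
    case $key in /*) ;; *) key=$(dirname "$1")/$key ;; esac
    perms=$(ls -l "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WEAK PERMS $key: group/other bits '$perms'"; return 1
    fi
}

# Constructed sample input: link options as in the post's server config, and a
# client whose cipher was changed on purpose to trigger a report.
demo=$(mktemp -d)
printf '%s\n' 'dev tun' 'tun-mtu 1400' 'proto udp' 'port 1194' \
    'cipher BF-CBC' 'key server.key  # private key' > "$demo/server.conf"
printf '%s\n' 'dev tun' 'proto udp' 'tun-mtu 1400' \
    'remote vpn.example.net 1194' 'cipher AES-128-CBC' > "$demo/client.conf"
: > "$demo/server.key"; chmod 644 "$demo/server.key"
ovpn_compare "$demo/server.conf" "$demo/client.conf" || true
ovpn_key_perms "$demo/server.conf" || true
```

Run against the real files, a mismatch in any of these options is a common reason a tunnel fails to come up or passes no traffic even though both OpenVPN processes are running.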

Now I'm able to VPN to my home network from anywhere and access my systems at home securely using DD-WRT and OpenVPN. I've also set up the Network Manager applet for Gnome on my Ubuntu boxes to establish an OpenVPN connection to my router/firewall as well.


UPDATE [2/15/2008]: I received a couple of emails asking how to set up dd-wrt with service from Comcast. I personally don't use Comcast; however, I did successfully set up a dd-wrt for a friend who does.

First, you will need to get the MAC address from the computer that you originally set up your Internet connection with through Comcast. If it's a Windows system, get a command shell and type “ipconfig” on that same system. On Linux or a Mac, type 'ifconfig' from a terminal. Write down the MAC (or HWaddr) address. It will look something like 00:16:6F:12:34:56.

Next, go to the web management front-end for your dd-wrt device. Click on SETUP | MAC ADDRESS CLONE. Select “Enable”. Within the “Clone WAN MAC” field enter in the MAC address you jotted down from above. Save settings and reboot for good measure.

That should do the trick for you.

UPDATE [5/13/2008]: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. Be sure to patch vulnerable systems. [link to advisory]